What Is Next-Generation Endpoint Security?

The evolution to next-generation endpoint security

As the number, type, and sophistication of threats evolve, organizations require more intelligence and insight than traditional endpoint security provides. More threat actors are shifting their aim to weaknesses created by user behavior, poor cybersecurity hygiene, and shadow IT. The dramatic increase in the types of endpoint devices—including smartphones, tablets, wearable devices, and more—has overpowered first-generation endpoint security. The increasing number of potentially vulnerable endpoints can also exhaust security team resources that are relying on traditional cybersecurity defenses. Depending on separate software processes to handle the security and security management of endpoints can result in potential disconnects. And maintaining and updating blacklists of malicious codes requires more and more resources. And these legacy products still leave organizations susceptible to zero-day exploits, data theft threatening to slip through among too many false positives.

Next-generation, automated technologies that examine every process on every device to counter potential attacks have become necessary to better lock down endpoint security. Next-generation endpoint protection software, using artificial intelligence (AI) and machine learning, can deliver the following protections that traditional endpoint protection cannot provide:

• Detecting unauthorized behaviors of users, applications, or network services
• Blocking suspicious actions before execution
• Processing data through ML and AI to identify malicious files or processes
• Stopping unauthorized data movement
• Analyzing suspicious app data in isolated "sandboxes"
• Rolling back endpoints and data to a previous state in the event of a ransomware attack
• Isolating suspect endpoints and processes
• Delivering endpoint detection and response that can continuously monitor systems and networks to mitigate advanced threats.

Next-generation endpoint protection through AI and machine learning

The Role of EDR and Machine Learning and the Return to Endpoint Protection Platform Suites

While blocking known threats remains an important part of endpoint and network protection, the volume of threats and information that must be processed is greater than humans can manage alone. Advanced detection capabilities involve humans teaming with machines to defend against the ingenuity of human attackers also using machines to carry out their criminal campaigns. Modern threat actors study the strategies enterprises use to try to block attacks and increase the sophistication of their targeted malware to counter these defenses. The best organizational cybersecurity strategy includes a combination of blacklisting threats teamed with the speed of machines to process, adapt, and scale. AI and machine learning can weed out known threats and focus machine learning algorithms on just the unknown threats while still ensuring minimal false positives.

Integrating endpoint security and protection with AI and machine learning technology creates a system environment that not only protects against all stages of an attack but improves as each new threat is detected. Artificial intelligence can then act in a prescribed manner to these new and learned threats. By incorporating centralized management and control, this approach can move organizations beyond reactive, blacklist-centric controls to a much more proactive approach. The mixture of machine processing speed and AI capable of recognizing patterns, plus human judgement and intuition, is the next generation of enterprise cybersecurity.

Behavioral analysis requires next-generation endpoint protection technology—AI and machine learning—to deliver this type of ongoing, continually evolving protection. Protecting against fileless and other advanced attacks requires an integrated approach that provides a multi-layered defense while investigating every phase of an attack campaign. 

Trellix next-generation endpoint protection

Next-generation endpoint security featuring AI and machine learning enhance an integrated, centrally managed approach to network and device security as part of a comprehensive system security. Trellix believes in-depth defense, which is security and protection that’s integrated and proactively evolving, is the most appropriate strategy for next-generation endpoint protection. Trellix’s endpoint protection has evolved using machine learning technology toward more complex analytics through deep learning and AI. Our security solutions protect data and stop even the most advanced threats using an open, proactive, and intelligence-driven approach, allowing an enterprise’s security team to make better-informed decisions while getting the most out of human and technological resources.

Trellix Endpoint Security provides endpoint antivirus, firewall, exploit prevention, connectivity protections and delivers machine-learning technology for detecting zero-day exploits and suspicious code and behavior.

AI-driven Trellix software stops malicious actions before they affect systems or data, while its integrated and automated endpoint detection and response technology offers one-click, centralized incident investigation and proactive response. This defense-in-depth approach provides a highly integrated continuum of protection.

Machine learning applications in Trellix solutions consider:

• Where the data will be gathered and computed
• What raw data is needed and if sampling can be applied
• The cost of bandwidth and latency to the customer
• Where the periodic or continuous learning will occur
• Where, how, and when data will be stored
• How often the model should be recalculated due to changing customer processes, metadata, or governance policies